@opengis/fastify-table 2.0.106 → 2.0.108
- package/dist/config.d.ts.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/script/adduser +15 -0
- package/dist/script/dump.js +176 -0
- package/dist/script/migrate.js +25 -0
- package/dist/server/plugins/auth/funcs/verifyPassword.d.ts.map +1 -1
- package/dist/server/plugins/auth/funcs/verifyPassword.js +3 -1
- package/dist/server/plugins/crud/funcs/dataInsert.js +2 -2
- package/dist/server/plugins/crud/funcs/dataUpdate.d.ts.map +1 -1
- package/dist/server/plugins/crud/funcs/dataUpdate.js +9 -6
- package/dist/server/plugins/crud/funcs/validateData.js +1 -1
- package/dist/server/plugins/file/providers/fs.js +2 -2
- package/dist/server/plugins/file/providers/s3/funcs/downloadFile.d.ts.map +1 -1
- package/dist/server/plugins/file/providers/s3/funcs/downloadFile.js +1 -2
- package/dist/server/plugins/file/providers/s3/funcs/fileExists.d.ts.map +1 -1
- package/dist/server/plugins/file/providers/s3/funcs/fileExists.js +1 -2
- package/dist/server/plugins/file/providers/s3/funcs/uploadFile.d.ts.map +1 -1
- package/dist/server/plugins/file/providers/s3/funcs/uploadFile.js +1 -2
- package/dist/server/plugins/file/providers/s3/index.js +4 -4
- package/dist/server/plugins/logger/getLogger.d.ts.map +1 -1
- package/dist/server/plugins/logger/getLogger.js +14 -11
- package/dist/server/plugins/logger/index.d.ts.map +1 -1
- package/dist/server/plugins/logger/index.js +5 -4
- package/dist/server/plugins/migration/exec.migrations.js +6 -6
- package/dist/server/plugins/pg/funcs/getMeta.d.ts.map +1 -1
- package/dist/server/plugins/pg/funcs/getMeta.js +3 -5
- package/dist/server/plugins/pg/funcs/getPG.d.ts.map +1 -1
- package/dist/server/plugins/pg/funcs/getPG.js +2 -1
- package/dist/server/plugins/pg/funcs/getPGAsync.js +2 -2
- package/dist/server/plugins/pg/funcs/init.d.ts +1 -1
- package/dist/server/plugins/pg/funcs/init.d.ts.map +1 -1
- package/dist/server/plugins/pg/funcs/init.js +43 -36
- package/dist/server/plugins/pg/funcs/pool.d.ts.map +1 -1
- package/dist/server/plugins/pg/funcs/pool.js +12 -18
- package/dist/server/plugins/pg/index.d.ts.map +1 -1
- package/dist/server/plugins/pg/index.js +3 -2
- package/dist/server/plugins/redis/funcs/getRedis.d.ts.map +1 -1
- package/dist/server/plugins/redis/funcs/getRedis.js +7 -5
- package/dist/server/plugins/redis/index.d.ts.map +1 -1
- package/dist/server/plugins/redis/index.js +4 -1
- package/dist/server/plugins/sqlite/index.d.ts.map +1 -1
- package/dist/server/plugins/sqlite/index.js +7 -3
- package/dist/server/plugins/table/funcs/getFilter.d.ts +1 -1
- package/dist/server/plugins/table/funcs/getFilter.d.ts.map +1 -1
- package/dist/server/plugins/table/funcs/getFilter.js +14 -1
- package/dist/server/plugins/table/funcs/getSelectMeta.d.ts.map +1 -1
- package/dist/server/plugins/table/funcs/getSelectMeta.js +2 -4
- package/dist/server/plugins/table/funcs/gisIRColumn.d.ts +2 -2
- package/dist/server/plugins/table/funcs/gisIRColumn.js +1 -1
- package/dist/server/plugins/upload/finishUpload.d.ts +9 -0
- package/dist/server/plugins/upload/finishUpload.d.ts.map +1 -0
- package/dist/server/plugins/upload/finishUpload.js +33 -0
- package/dist/server/plugins/upload/getUploadStatus.d.ts +5 -0
- package/dist/server/plugins/upload/getUploadStatus.d.ts.map +1 -0
- package/dist/server/plugins/upload/getUploadStatus.js +36 -0
- package/dist/server/plugins/upload/index.d.ts +6 -0
- package/dist/server/plugins/upload/index.d.ts.map +1 -0
- package/dist/server/plugins/upload/index.js +12 -0
- package/dist/server/plugins/upload/startUpload.d.ts +8 -0
- package/dist/server/plugins/upload/startUpload.d.ts.map +1 -0
- package/dist/server/plugins/upload/startUpload.js +53 -0
- package/dist/server/plugins/upload/uploadChunk.d.ts +9 -0
- package/dist/server/plugins/upload/uploadChunk.d.ts.map +1 -0
- package/dist/server/plugins/upload/uploadChunk.js +47 -0
- package/dist/server/plugins/util/funcs/unflattenObject.d.ts.map +1 -1
- package/dist/server/plugins/util/funcs/unflattenObject.js +5 -3
- package/dist/server/routes/access/controllers/access.group.d.ts +2 -2
- package/dist/server/routes/access/controllers/access.group.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.group.js +0 -1
- package/dist/server/routes/access/controllers/access.group.post.d.ts +2 -2
- package/dist/server/routes/access/controllers/access.group.post.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.group.post.js +0 -1
- package/dist/server/routes/auth/controllers/2factor/providers/totp.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/2factor/providers/totp.js +1 -1
- package/dist/server/routes/auth/controllers/core/registration.d.ts +1 -1
- package/dist/server/routes/auth/controllers/core/registration.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/core/registration.js +37 -9
- package/dist/server/routes/auth/controllers/core/updateUserInfo.js +1 -1
- package/dist/server/routes/auth/controllers/jwt/authorize.js +5 -5
- package/dist/server/routes/auth/controllers/jwt/token.d.ts.map +1 -1
- package/dist/server/routes/auth/controllers/jwt/token.js +10 -12
- package/dist/server/routes/cron/controllers/cronApi.d.ts +1 -1
- package/dist/server/routes/cron/controllers/cronApi.d.ts.map +1 -1
- package/dist/server/routes/cron/controllers/cronApi.js +5 -3
- package/dist/server/routes/crud/controllers/insert.d.ts +1 -4
- package/dist/server/routes/crud/controllers/insert.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/insert.js +24 -16
- package/dist/server/routes/crud/controllers/table.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/table.js +13 -6
- package/dist/server/routes/crud/controllers/update.d.ts.map +1 -1
- package/dist/server/routes/crud/controllers/update.js +23 -15
- package/dist/server/routes/file/controllers/delete.d.ts +1 -15
- package/dist/server/routes/file/controllers/delete.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/delete.js +13 -20
- package/dist/server/routes/file/controllers/download.d.ts +2 -2
- package/dist/server/routes/file/controllers/download.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/download.js +39 -30
- package/dist/server/routes/file/controllers/files.d.ts +2 -1
- package/dist/server/routes/file/controllers/files.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/files.js +15 -11
- package/dist/server/routes/file/controllers/resize.d.ts +1 -2
- package/dist/server/routes/file/controllers/resize.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/resize.js +17 -6
- package/dist/server/routes/file/controllers/upload.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/upload.js +17 -16
- package/dist/server/routes/file/controllers/uploadImage.d.ts +11 -13
- package/dist/server/routes/file/controllers/uploadImage.d.ts.map +1 -1
- package/dist/server/routes/file/controllers/uploadImage.js +13 -15
- package/dist/server/routes/logger/controllers/logger.file.js +1 -1
- package/dist/server/routes/menu/controllers/interfaces.d.ts +1 -7
- package/dist/server/routes/menu/controllers/interfaces.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/card.d.ts +1 -1
- package/dist/server/routes/table/controllers/card.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/card.js +15 -9
- package/dist/server/routes/table/controllers/filter.d.ts +1 -1
- package/dist/server/routes/table/controllers/filter.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/filter.js +9 -2
- package/dist/server/routes/table/controllers/form.d.ts +1 -1
- package/dist/server/routes/table/controllers/form.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/form.js +8 -5
- package/dist/server/routes/table/controllers/search.d.ts +1 -1
- package/dist/server/routes/table/controllers/search.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/search.js +5 -6
- package/dist/server/routes/table/controllers/suggest.d.ts +1 -1
- package/dist/server/routes/table/controllers/suggest.d.ts.map +1 -1
- package/dist/server/routes/table/controllers/suggest.js +30 -15
- package/dist/server/routes/table/functions/getData.d.ts +1 -1
- package/dist/server/routes/table/functions/getData.d.ts.map +1 -1
- package/dist/server/routes/table/functions/getData.js +60 -45
- package/dist/server/routes/upload/index.d.ts +2 -0
- package/dist/server/routes/upload/index.d.ts.map +1 -0
- package/dist/server/routes/upload/index.js +72 -0
- package/dist/server/types/core.d.ts +7 -1
- package/dist/server/types/core.d.ts.map +1 -1
- package/dist/utils.d.ts +5 -0
- package/dist/utils.d.ts.map +1 -1
- package/dist/utils.js +5 -0
- package/package.json +3 -3
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"unflattenObject.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/util/funcs/unflattenObject.ts"],"names":[],"mappings":"AAKA,MAAM,CAAC,OAAO,UAAU,eAAe,CAAC,OAAO,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"unflattenObject.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/util/funcs/unflattenObject.ts"],"names":[],"mappings":"AAKA,MAAM,CAAC,OAAO,UAAU,eAAe,CAAC,OAAO,EAAE,GAAG,MAkDnD"}
|
|
@@ -5,7 +5,9 @@
|
|
|
5
5
|
export default function unflattenObject(flatObj) {
|
|
6
6
|
const res = Object.keys(flatObj || {}).reduce((acc, key) => {
|
|
7
7
|
const keys = key.split(".");
|
|
8
|
-
keys.reduce((nestedObj,
|
|
8
|
+
keys.reduce((nestedObj, part1, index) => {
|
|
9
|
+
// ! prevent npx vitest run from upper case -ing env variables
|
|
10
|
+
const part = process.env.VITEST ? part1.toLowerCase() : part1;
|
|
9
11
|
if (index === keys.length - 1) {
|
|
10
12
|
// json array
|
|
11
13
|
if (typeof flatObj[key] === "string" &&
|
|
@@ -16,7 +18,7 @@ export default function unflattenObject(flatObj) {
|
|
|
16
18
|
nestedObj[part] = JSON.parse(flatObj[key] || "{}");
|
|
17
19
|
}
|
|
18
20
|
catch (err) {
|
|
19
|
-
console.warn(
|
|
21
|
+
console.warn(`⚠️ Error parsing JSON for key ${key}:`, err.toString());
|
|
20
22
|
nestedObj[part] = flatObj[key]; // fallback to original value if parsing fails
|
|
21
23
|
}
|
|
22
24
|
}
|
|
@@ -27,7 +29,7 @@ export default function unflattenObject(flatObj) {
|
|
|
27
29
|
nestedObj[part] = JSON.parse(flatObj[key] || "{}");
|
|
28
30
|
}
|
|
29
31
|
catch (err) {
|
|
30
|
-
console.warn(
|
|
32
|
+
console.warn(`⚠️ Error parsing JSON for key ${key}:`, err.toString());
|
|
31
33
|
nestedObj[part] = flatObj[key]; // fallback to original value if parsing fails
|
|
32
34
|
}
|
|
33
35
|
}
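Review bot: `part` is used as a property name on `nestedObj` with no filtering, so a flat key containing a `__proto__`, `constructor` or `prototype` segment would write through to a shared prototype if `flatObj` ever carries caller-controlled keys (the callers are not visible here). Skipping such keys right after the split, e.g. `if (keys.some((k) => ["__proto__", "constructor", "prototype"].includes(k))) return acc;`, closes that off. Separately, the new `process.env.VITEST` branch makes the shipped function lowercase keys only under the test runner, so the tests no longer exercise the production path; normalising the fixture in test setup would keep test-only behaviour out of this module. The rewritten `console.warn` also prints `err.toString()`, and JSON.parse messages can include a fragment of the offending value on recent runtimes, which matters if these values are environment secrets. The body of `unflattenObject` continues outside the hunks.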
|
|
@@ -8,7 +8,7 @@ export default function accessGroup({ pg, params, user, unittest, }: {
|
|
|
8
8
|
user: Record<string, any>;
|
|
9
9
|
unittest?: any;
|
|
10
10
|
}, reply: FastifyReply): Promise<{
|
|
11
|
-
routes: any
|
|
12
|
-
users: any
|
|
11
|
+
routes: any;
|
|
12
|
+
users: any;
|
|
13
13
|
}>;
|
|
14
14
|
//# sourceMappingURL=access.group.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.group.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.group.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAIzD,wBAA8B,WAAW,CACvC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,QAAQ,GACT,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,EAED,KAAK,EAAE,YAAY;;;
|
|
1
|
+
{"version":3,"file":"access.group.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.group.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAIzD,wBAA8B,WAAW,CACvC,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,QAAQ,GACT,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,EAED,KAAK,EAAE,YAAY;;;GA+BpB"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { pgClients, getAdminAccess } from "../../../../utils.js";
|
|
2
2
|
export default async function accessGroup({ pg = pgClients.client, params, user = {}, unittest, }, reply) {
|
|
3
|
-
debugger;
|
|
4
3
|
if (!params?.id) {
|
|
5
4
|
return reply.status(400).send("not enough params: id");
|
|
6
5
|
}
|
|
@@ -9,7 +9,7 @@ export default function accessGroupPost({ pg, params, user, body, unittest, }: {
|
|
|
9
9
|
body: Record<string, any>;
|
|
10
10
|
unittest?: any;
|
|
11
11
|
}, reply: FastifyReply): Promise<{
|
|
12
|
-
routes: any
|
|
13
|
-
users: any
|
|
12
|
+
routes: any;
|
|
13
|
+
users: any;
|
|
14
14
|
}>;
|
|
15
15
|
//# sourceMappingURL=access.group.post.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.group.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.group.post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAKzD,wBAA8B,eAAe,CAC3C,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,IAAS,EACT,QAAQ,GACT,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,EACD,KAAK,EAAE,YAAY;;;
|
|
1
|
+
{"version":3,"file":"access.group.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.group.post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,KAAK,UAAU,EAAE,MAAM,wBAAwB,CAAC;AAKzD,wBAA8B,eAAe,CAC3C,EACE,EAAqB,EACrB,MAAM,EACN,IAAS,EACT,IAAS,EACT,QAAQ,GACT,EAAE;IACD,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,EACD,KAAK,EAAE,YAAY;;;GA2FpB"}
|
|
@@ -12,7 +12,6 @@ export default async function accessGroupPost({ pg = pgClients.client, params, u
|
|
|
12
12
|
}
|
|
13
13
|
const { users = [], routes = [] } = body;
|
|
14
14
|
if (!routes?.length) {
|
|
15
|
-
// return { message: 'not enough params: users / routes', status: 400 };
|
|
16
15
|
await pg.query("delete from admin.role_access where role_id=$1", [id]);
|
|
17
16
|
if (!users?.length) {
|
|
18
17
|
return reply.status(200).send({ id, routes });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../../../../../../../server/routes/auth/controllers/2factor/providers/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAU1D,UAAU,OAAO;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,UAAU,CAAC;CAChB;AAED,UAAU,KAAK;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAmBD,QAAA,MAAM,YAAY,GAAU,aAAa,OAAO,kBAK/C,CAAC;AAEF,QAAA,MAAM,YAAY,GAAU,aAAa,OAAO,kBAK/C,CAAC;AAEF,QAAA,MAAM,SAAS,GAAU,aAAa,OAAO;;;;EAc5C,CAAC;AAuBF,QAAA,MAAM,QAAQ,GAAU,aAAa,OAAO;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../../../../../../../server/routes/auth/controllers/2factor/providers/totp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAU1D,UAAU,OAAO;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,UAAU,CAAC;CAChB;AAED,UAAU,KAAK;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,UAAU,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAmBD,QAAA,MAAM,YAAY,GAAU,aAAa,OAAO,kBAK/C,CAAC;AAEF,QAAA,MAAM,YAAY,GAAU,aAAa,OAAO,kBAK/C,CAAC;AAEF,QAAA,MAAM,SAAS,GAAU,aAAa,OAAO;;;;EAc5C,CAAC;AAuBF,QAAA,MAAM,QAAQ,GAAU,aAAa,OAAO;;;;;;;;;;;;EA0D3C,CAAC;AAEF,QAAA,MAAM,MAAM,GAAU,0BAA0B,KAAK;;;EAiBpD,CAAC;AAKF,QAAA,MAAM,MAAM,GAAU,2BAA2B,KAAK,iBAqBrD,CAAC;AAEF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC;;AAE3E,wBAAoB"}
|
|
@@ -48,7 +48,7 @@ const generate = async ({ uid, pg }) => {
|
|
|
48
48
|
.then((el) => el.rows?.[0] || {});
|
|
49
49
|
const { sufix } = config.auth?.["2fa"] || {};
|
|
50
50
|
if (sufix && !userData[sufix]) {
|
|
51
|
-
console.warn("2fa prefix not found at userData");
|
|
51
|
+
console.warn("⚠️ 2fa prefix not found at userData");
|
|
52
52
|
}
|
|
53
53
|
const otp = getOTP((sufix ? userData[sufix] : null) || userData.login || userData.code || uid, secret);
|
|
54
54
|
const qrCodeAsImageSource = await qrcode.toDataURL(otp);
|
|
@@ -17,7 +17,7 @@ import { FastifyReply } from "fastify";
|
|
|
17
17
|
* @returns {String|Object} error Опис помилки
|
|
18
18
|
* @returns {String|Object} message Повідомлення про успішну реєстрацію
|
|
19
19
|
*/
|
|
20
|
-
export default function registration(
|
|
20
|
+
export default function registration(req: any, reply: FastifyReply): Promise<{
|
|
21
21
|
message: string;
|
|
22
22
|
status: number;
|
|
23
23
|
}>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/core/registration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"registration.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/core/registration.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAavC;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAA8B,YAAY,CACxC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY;;;GA2HpB"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
const q1 = 'select count(*) > 0 as "userExists" from admin.users where $1 in (email,login)';
|
|
2
2
|
const q2 = 'select count(*) > 0 as "contactExists" from crm_acc.crm_contact where email=$1';
|
|
3
3
|
const q3 = "select contact_id as uid from crm_acc.crm_contact where email=$1";
|
|
4
|
+
const qUser = "select * from admin.users where email = $1 and enabled";
|
|
4
5
|
import config from "../../../../../config.js";
|
|
5
6
|
import dataInsert from "../../../../plugins/crud/funcs/dataInsert.js";
|
|
6
7
|
import pgClients from "../../../../plugins/pg/pgClients.js";
|
|
8
|
+
import authorizeUser from "../../../../plugins/auth/funcs/authorizeUser.js";
|
|
7
9
|
/**
|
|
8
10
|
* АПІ призначене для реєстрації нового користувача на сайті
|
|
9
11
|
*
|
|
@@ -22,26 +24,42 @@ import pgClients from "../../../../plugins/pg/pgClients.js";
|
|
|
22
24
|
* @returns {String|Object} error Опис помилки
|
|
23
25
|
* @returns {String|Object} message Повідомлення про успішну реєстрацію
|
|
24
26
|
*/
|
|
25
|
-
export default async function registration(
|
|
27
|
+
export default async function registration(req, reply) {
|
|
28
|
+
const { pg = pgClients.client, body = {} } = req;
|
|
26
29
|
const { password, email } = body;
|
|
27
30
|
if (!password || (!email && !body.login)) {
|
|
28
|
-
return
|
|
31
|
+
return reply.status(400).send({
|
|
32
|
+
error: "Недостатньо параметрів",
|
|
33
|
+
code: 400,
|
|
34
|
+
});
|
|
29
35
|
}
|
|
30
36
|
const regularExp = /^([a-z0-9_-]+\.)*[a-z0-9_-]+@[a-z0-9_-]+(\.[a-z0-9_-]+)*\.[a-z]{2,6}$/;
|
|
31
37
|
if (email && !regularExp.test(email)) {
|
|
32
|
-
return
|
|
38
|
+
return reply.status(400).send({
|
|
39
|
+
error: "Параметр E-mail невалідний",
|
|
40
|
+
code: 400,
|
|
41
|
+
});
|
|
33
42
|
}
|
|
34
43
|
if (body?.first_name &&
|
|
35
44
|
!/[А-Яа-яA-Za-zёЁЇїІіЄєҐґ '-]+/.test(body?.first_name)) {
|
|
36
|
-
return
|
|
45
|
+
return reply.status(400).send({
|
|
46
|
+
error: "Параметр Ім'я невалідний",
|
|
47
|
+
code: 400,
|
|
48
|
+
});
|
|
37
49
|
}
|
|
38
50
|
if (body?.last_name &&
|
|
39
51
|
!/[А-Яа-яA-Za-zёЁЇїІіЄєҐґ '-]+/.test(body?.last_name)) {
|
|
40
|
-
return
|
|
52
|
+
return reply.status(400).send({
|
|
53
|
+
error: "Параметр Прізвище невалідний",
|
|
54
|
+
code: 400,
|
|
55
|
+
});
|
|
41
56
|
}
|
|
42
57
|
if (body?.phone &&
|
|
43
58
|
!/^\+\d{3}\s?\d{2}\s?\d{3}\s?\d{2}\s?\d{2}$/.test(body?.phone)) {
|
|
44
|
-
return
|
|
59
|
+
return reply.status(400).send({
|
|
60
|
+
error: "Параметр Телефон невалідний",
|
|
61
|
+
code: 400,
|
|
62
|
+
});
|
|
45
63
|
}
|
|
46
64
|
const login = body.login || email;
|
|
47
65
|
const data = {
|
|
@@ -63,7 +81,7 @@ export default async function registration({ pg = pgClients.client, body = {} },
|
|
|
63
81
|
const txt = !body.login
|
|
64
82
|
? "Даний адрес електронної пошти вже прив'язаний до іншого облікового запису"
|
|
65
83
|
: "Даний логін вже використовується";
|
|
66
|
-
return {
|
|
84
|
+
return reply.status(409).send({ error: txt, code: 409 });
|
|
67
85
|
}
|
|
68
86
|
if (pg.pk?.["crm_acc.crm_contact"]) {
|
|
69
87
|
// insert crm contact
|
|
@@ -74,7 +92,7 @@ export default async function registration({ pg = pgClients.client, body = {} },
|
|
|
74
92
|
const txt = !body.login
|
|
75
93
|
? "Користувача за даною адресою вже зареєстровано"
|
|
76
94
|
: "Даний логін вже використовується";
|
|
77
|
-
return {
|
|
95
|
+
return reply.status(409).send({ error: txt, code: 409 });
|
|
78
96
|
}
|
|
79
97
|
await dataInsert({ pg, table: "crm_acc.crm_contact", data });
|
|
80
98
|
const { uid } = await pg
|
|
@@ -92,5 +110,15 @@ export default async function registration({ pg = pgClients.client, body = {} },
|
|
|
92
110
|
data,
|
|
93
111
|
});
|
|
94
112
|
}
|
|
95
|
-
|
|
113
|
+
const newUser = await pg
|
|
114
|
+
.query(qUser, [login])
|
|
115
|
+
.then((res) => res.rows?.[0]);
|
|
116
|
+
if (!newUser) {
|
|
117
|
+
return { message: "Помилка завершення реєстрації, спробуйте увійти", status: 500 };
|
|
118
|
+
}
|
|
119
|
+
const authType = "creds-" + (newUser.user_type === "admin" ? "admin" : "user");
|
|
120
|
+
const result = await authorizeUser(newUser, req, authType);
|
|
121
|
+
return req.method === "GET"
|
|
122
|
+
? reply.status(302).redirect(result)
|
|
123
|
+
: reply.status(200).send(result);
|
|
96
124
|
}
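Review bot: `qUser` matches on `email = $1` but is bound to `login`, which is `body.login || email`, so an account registered with a non-email login will not be found straight after it was inserted. That path then returns a bare `{ message, status: 500 }` object instead of going through `reply`, unlike every other failure in this function, so the client most likely receives HTTP 200. I would use `const qUser = "select * from admin.users where $1 in (email, login) and enabled";` (the same form as `q1`) and `return reply.status(500).send({ error: "Помилка завершення реєстрації, спробуйте увійти", code: 500 });`. The new code also issues a session through `authorizeUser` immediately after sign-up; if ownership of the e-mail address is meant to be confirmed first, that check is not visible in these hunks. Parts of `registration` between the hunks are not shown.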
|
|
@@ -3,7 +3,7 @@ import dataUpdate from "../../../../plugins/crud/funcs/dataUpdate.js";
|
|
|
3
3
|
export default async function updateUserInfo(req, reply) {
|
|
4
4
|
const { body: payload, pg = pgClients.client } = req;
|
|
5
5
|
if (!req.user?.uid) {
|
|
6
|
-
return reply.code(401).send({
|
|
6
|
+
return reply.code(401).send({ error: "Unauthorized", code: 401 });
|
|
7
7
|
}
|
|
8
8
|
const userInfo = Object.fromEntries(Object.entries(payload || {}).filter(([key]) => !["salt", "user_type"].includes(key)));
|
|
9
9
|
const result = await dataUpdate({
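Review bot: `userInfo` is built from the request body with a denylist of only `salt` and `user_type`, so every other key the client sends is presumably handed to `dataUpdate` (the call's arguments are outside the hunk). If the target is the caller's own user row, columns such as the stored password, `enabled` or the primary key should not be client-writable. An allowlist of editable profile fields is the safer shape, for example `const editable = new Set(["first_name", "last_name", "phone"]);` followed by `.filter(([key]) => editable.has(key))`. The field names in that example are taken from the registration controller in this same diff and need confirming against the real schema.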
|
|
@@ -19,12 +19,12 @@ export default async function authorize(req, reply) {
|
|
|
19
19
|
if (response_type !== "code") {
|
|
20
20
|
return reply
|
|
21
21
|
.code(400)
|
|
22
|
-
.send({
|
|
22
|
+
.send({ error: "unsupported response_type", code: 400 });
|
|
23
23
|
}
|
|
24
24
|
if (!client_id) {
|
|
25
25
|
return reply
|
|
26
26
|
.code(400)
|
|
27
|
-
.send({
|
|
27
|
+
.send({ error: "not enough query params: client_id", code: 400 });
|
|
28
28
|
}
|
|
29
29
|
const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2 and ${scope ? "$1=any(scopes)" : "1=1"}`;
|
|
30
30
|
const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [], } = pg.pk?.["oauth.clients"]
|
|
@@ -33,12 +33,12 @@ export default async function authorize(req, reply) {
|
|
|
33
33
|
.then((el) => el.rows?.[0] || {})
|
|
34
34
|
: {};
|
|
35
35
|
if (!userId) {
|
|
36
|
-
return reply.code(400).send({
|
|
36
|
+
return reply.code(400).send({ error: "invalid client id", code: 400 });
|
|
37
37
|
}
|
|
38
38
|
if (redirect_uri &&
|
|
39
39
|
Array.isArray(redirect_uris) &&
|
|
40
40
|
!redirect_uris.includes(redirect_uri)) {
|
|
41
|
-
return reply.code(400).send({
|
|
41
|
+
return reply.code(400).send({ error: "invalid redirect_uri", code: 400 });
|
|
42
42
|
}
|
|
43
43
|
const user = pg.pk?.["admin.users"]
|
|
44
44
|
? await pg
|
|
@@ -48,7 +48,7 @@ export default async function authorize(req, reply) {
|
|
|
48
48
|
.then((el) => el.rows[0])
|
|
49
49
|
: null;
|
|
50
50
|
if (!user) {
|
|
51
|
-
return reply.code(404).send({
|
|
51
|
+
return reply.code(404).send({ error: "user not found", code: 404 });
|
|
52
52
|
}
|
|
53
53
|
const href1 = await authorizeUser(user, req, "jwt", expireMsec);
|
|
54
54
|
// Generate authorization code
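Review bot: The `redirect_uri` check only rejects when `redirect_uris` is an array, so a client row whose `redirect_uris` is null or any other non-array value lets every `redirect_uri` through; the same condition appears in `oauthToken` further down this diff. Failing closed would read `if (redirect_uri && !(Array.isArray(redirect_uris) && redirect_uris.includes(redirect_uri))) {`. In the same hunk the scope filter is written as `$1=any(scopes)`, but `$1` is already the `client_id` placeholder, so the requested scope is apparently never compared; it probably needs its own placeholder and bind value (the parameter array is outside the hunk). The body of `authorize` starts before and continues after these hunks.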
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/jwt/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAmB5D,wBAA8B,UAAU,CACtC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../../../../server/routes/auth/controllers/jwt/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AAmB5D,wBAA8B,UAAU,CACtC,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,kBAmHpB"}
|
|
@@ -14,19 +14,17 @@ export default async function oauthToken(req, reply) {
|
|
|
14
14
|
const payload = req.method === "POST" ? body : query;
|
|
15
15
|
const { grant_type, client_id, code, redirect_uri, code_verifier } = payload;
|
|
16
16
|
if (grant_type !== "authorization_code") {
|
|
17
|
-
return reply
|
|
18
|
-
.code(400)
|
|
19
|
-
.send({ message: "unsupported grant_type", code: 400 });
|
|
17
|
+
return reply.code(400).send({ error: "unsupported grant_type", code: 400 });
|
|
20
18
|
}
|
|
21
19
|
if (!client_id) {
|
|
22
20
|
return reply
|
|
23
21
|
.code(400)
|
|
24
|
-
.send({
|
|
22
|
+
.send({ error: "not enough params: client_id", code: 400 });
|
|
25
23
|
}
|
|
26
24
|
if (!code) {
|
|
27
25
|
return reply
|
|
28
26
|
.code(400)
|
|
29
|
-
.send({
|
|
27
|
+
.send({ error: "not enough params: code", code: 400 });
|
|
30
28
|
}
|
|
31
29
|
const q = `select owner_user_id, client_secret_hash, redirect_uris from oauth.clients where client_id=$1 and token_endpoint_auth_method=$2`;
|
|
32
30
|
const { owner_user_id: userId, client_secret_hash: secret, redirect_uris = [], } = pg.pk?.["oauth.clients"]
|
|
@@ -41,31 +39,31 @@ export default async function oauthToken(req, reply) {
|
|
|
41
39
|
if (storedIp !== ip) {
|
|
42
40
|
return reply
|
|
43
41
|
.code(403)
|
|
44
|
-
.send({
|
|
42
|
+
.send({ error: "access restricted: wrong IP address", code: 403 });
|
|
45
43
|
}
|
|
46
44
|
if (!stored) {
|
|
47
45
|
return reply
|
|
48
46
|
.code(403)
|
|
49
|
-
.send({
|
|
47
|
+
.send({ error: "access restricted: code expired", code: 403 });
|
|
50
48
|
}
|
|
51
49
|
const isValid = await scryptVerify(stored, code);
|
|
52
50
|
if (!isValid) {
|
|
53
51
|
return reply
|
|
54
52
|
.code(403)
|
|
55
|
-
.send({
|
|
53
|
+
.send({ error: "access restricted: stored code mismatch", code: 403 });
|
|
56
54
|
}
|
|
57
55
|
if (!isCodeValid) {
|
|
58
56
|
return reply
|
|
59
57
|
.code(403)
|
|
60
|
-
.send({
|
|
58
|
+
.send({ error: "access restricted: invalid code", code: 403 });
|
|
61
59
|
}
|
|
62
60
|
if (!userId) {
|
|
63
|
-
return reply.code(400).send({
|
|
61
|
+
return reply.code(400).send({ error: "invalid client id", code: 400 });
|
|
64
62
|
}
|
|
65
63
|
if (redirect_uri &&
|
|
66
64
|
Array.isArray(redirect_uris) &&
|
|
67
65
|
!redirect_uris.includes(redirect_uri)) {
|
|
68
|
-
return reply.code(400).send({
|
|
66
|
+
return reply.code(400).send({ error: "invalid redirect_uri", code: 400 });
|
|
69
67
|
}
|
|
70
68
|
const user = pg.pk?.["admin.users"]
|
|
71
69
|
? await pg
|
|
@@ -75,7 +73,7 @@ export default async function oauthToken(req, reply) {
|
|
|
75
73
|
.then((el) => el.rows[0])
|
|
76
74
|
: null;
|
|
77
75
|
if (!user) {
|
|
78
|
-
return reply.code(404).send({
|
|
76
|
+
return reply.code(404).send({ error: "user not found", code: 404 });
|
|
79
77
|
}
|
|
80
78
|
const expire = expires_at ? expires_at - Date.now() : expireMsec;
|
|
81
79
|
const href1 = await authorizeUser(user, req, "jwt", expire);
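Review bot: The four 403 responses spell out exactly which check failed (`wrong IP address`, `code expired`, `stored code mismatch`, `invalid code`), which lets a caller of the token endpoint tell an unknown code from an expired or IP-bound one. I would return one generic body for all of them, e.g. `.send({ error: "invalid_grant", code: 403 });`, and log the specific reason server-side. The removed lines are truncated on this page, so these strings may predate this release. The `unsupported grant_type` response also switched its key from `message` to `error`, which existing clients that read `message` will no longer see.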
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export default function cronApi(req: any): Promise<any>;
|
|
1
|
+
export default function cronApi(req: any, reply: any): Promise<any>;
|
|
2
2
|
//# sourceMappingURL=cronApi.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"AAEA,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"cronApi.d.ts","sourceRoot":"","sources":["../../../../../server/routes/cron/controllers/cronApi.ts"],"names":[],"mappings":"AAEA,wBAA8B,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAsBzD"}
|
|
@@ -1,15 +1,17 @@
|
|
|
1
1
|
import cronList from "../../../plugins/cron/cronList.js";
|
|
2
|
-
export default async function cronApi(req) {
|
|
2
|
+
export default async function cronApi(req, reply) {
|
|
3
3
|
const { params = {}, user = {}, hostname } = req;
|
|
4
4
|
if ((!user.uid || !user.user_type?.includes("admin")) &&
|
|
5
5
|
!hostname?.includes("local")) {
|
|
6
|
-
return {
|
|
6
|
+
return reply.status(403).send({ error: "access restricted", code: 403 });
|
|
7
7
|
}
|
|
8
8
|
if (params.name === "list") {
|
|
9
9
|
return { data: Object.keys(cronList || {}) };
|
|
10
10
|
}
|
|
11
11
|
if (!cronList[params.name]) {
|
|
12
|
-
return
|
|
12
|
+
return reply
|
|
13
|
+
.status(404)
|
|
14
|
+
.send({ error: `cron not found: ${params.name}`, code: 404 });
|
|
13
15
|
}
|
|
14
16
|
const result = await cronList[params.name]?.(req);
|
|
15
17
|
return result;
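Review bot: The access gate lets a request through without an admin user whenever `hostname` contains the substring `local`, and `req.hostname` is derived from request headers rather than from the connection, so it is not a trustworthy signal for authorisation. I would drop that clause, leaving `if (!user.uid || !user.user_type?.includes("admin")) {`, or replace it with an explicit configuration switch for local development. The lookup `cronList[params.name]` also resolves inherited properties if `cronList` is a plain object, so a guard such as `if (!Object.hasOwn(cronList, params.name)) {` before the call is worth adding. The closing of `cronApi` lies outside the hunk.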
|
|
@@ -1,6 +1,3 @@
|
|
|
1
1
|
import { type FastifyReply } from "fastify";
|
|
2
|
-
export default function insert(req: any, reply: FastifyReply): Promise<
|
|
3
|
-
message: string;
|
|
4
|
-
status: number;
|
|
5
|
-
}>;
|
|
2
|
+
export default function insert(req: any, reply: FastifyReply): Promise<never>;
|
|
6
3
|
//# sourceMappingURL=insert.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY
|
|
1
|
+
{"version":3,"file":"insert.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/insert.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,SAAS,CAAC;AAgB5C,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,YAAY,kBA4KjE"}
|
|
@@ -2,7 +2,7 @@ import { applyHook, getAccess, getTemplate, checkXSS, checkSQL, dataInsert, getT
|
|
|
2
2
|
export default async function insert(req, reply) {
|
|
3
3
|
const { pg = pgClients.client, user = {}, params = {}, body = {}, headers = {}, } = req || {};
|
|
4
4
|
if (!user) {
|
|
5
|
-
return reply.status(403).send("access restricted");
|
|
5
|
+
return reply.status(403).send({ error: "access restricted", code: 403 });
|
|
6
6
|
}
|
|
7
7
|
const hookData = (await applyHook("preInsert", {
|
|
8
8
|
pg,
|
|
@@ -11,7 +11,10 @@ export default async function insert(req, reply) {
|
|
|
11
11
|
body,
|
|
12
12
|
}));
|
|
13
13
|
if (hookData?.message && hookData?.status) {
|
|
14
|
-
|
|
14
|
+
const response = hookData.status >= 400
|
|
15
|
+
? { error: hookData.message, code: hookData.status }
|
|
16
|
+
: hookData.message;
|
|
17
|
+
return reply.status(hookData.status).send(response);
|
|
15
18
|
}
|
|
16
19
|
const { referer } = headers;
|
|
17
20
|
const tokenData = await getToken({
|
|
@@ -30,18 +33,20 @@ export default async function insert(req, reply) {
|
|
|
30
33
|
!config.local &&
|
|
31
34
|
!config.security?.disableToken &&
|
|
32
35
|
!config.auth?.disable) {
|
|
33
|
-
return reply.status(400).send("invalid token");
|
|
36
|
+
return reply.status(400).send({ error: "invalid token", code: 400 });
|
|
34
37
|
}
|
|
35
38
|
if (!actions.includes("add") && !config.local && !tokenData) {
|
|
36
|
-
return reply
|
|
39
|
+
return reply
|
|
40
|
+
.status(403)
|
|
41
|
+
.send({ error: "access restricted: actions", code: 403 });
|
|
37
42
|
}
|
|
38
43
|
if (!add) {
|
|
39
|
-
return reply.status(400).send("table is required");
|
|
44
|
+
return reply.status(400).send({ error: "table is required", code: 400 });
|
|
40
45
|
}
|
|
41
46
|
const loadTemplate = await getTemplate("table", add);
|
|
42
47
|
const { table } = loadTemplate || hookData || tokenData || req.params || {};
|
|
43
48
|
if (!table) {
|
|
44
|
-
return reply.status(404).send("table not found");
|
|
49
|
+
return reply.status(404).send({ error: "table not found", code: 404 });
|
|
45
50
|
}
|
|
46
51
|
const formData = form || loadTemplate?.form
|
|
47
52
|
? (await getTemplate("form", form || loadTemplate?.form)) || {}
|
|
@@ -56,9 +61,10 @@ export default async function insert(req, reply) {
|
|
|
56
61
|
uid: user?.uid,
|
|
57
62
|
msg: xssCheck.error,
|
|
58
63
|
});
|
|
59
|
-
return reply
|
|
60
|
-
|
|
61
|
-
|
|
64
|
+
return reply.status(409).send({
|
|
65
|
+
error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
|
|
66
|
+
code: 409,
|
|
67
|
+
});
|
|
62
68
|
}
|
|
63
69
|
const fieldCheck = validateData({ body, schema });
|
|
64
70
|
if (fieldCheck.error) {
|
|
@@ -68,9 +74,10 @@ export default async function insert(req, reply) {
|
|
|
68
74
|
uid: user?.uid,
|
|
69
75
|
...fieldCheck,
|
|
70
76
|
});
|
|
71
|
-
return reply
|
|
72
|
-
|
|
73
|
-
|
|
77
|
+
return reply.status(409).send({
|
|
78
|
+
error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
|
|
79
|
+
code: 409,
|
|
80
|
+
});
|
|
74
81
|
}
|
|
75
82
|
const sqlCheck = checkSQL({ body, schema });
|
|
76
83
|
if (sqlCheck.error) {
|
|
@@ -80,9 +87,10 @@ export default async function insert(req, reply) {
|
|
|
80
87
|
uid: user?.uid,
|
|
81
88
|
...sqlCheck,
|
|
82
89
|
});
|
|
83
|
-
return reply
|
|
84
|
-
|
|
85
|
-
|
|
90
|
+
return reply.status(409).send({
|
|
91
|
+
error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
|
|
92
|
+
code: 409,
|
|
93
|
+
});
|
|
86
94
|
}
|
|
87
95
|
if (![add, table].includes("admin.users")) {
|
|
88
96
|
Object.assign(body, { uid: user?.uid, editor_id: user?.uid });
|
|
@@ -104,7 +112,7 @@ export default async function insert(req, reply) {
|
|
|
104
112
|
referer,
|
|
105
113
|
});
|
|
106
114
|
if (!res) {
|
|
107
|
-
return reply.status(400).send("nothing added");
|
|
115
|
+
return reply.status(400).send({ error: "nothing added", code: 400 });
|
|
108
116
|
}
|
|
109
117
|
// admin.custom_column
|
|
110
118
|
await applyHook("afterInsert", {
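Review bot: The `if (!user)` guard at the top of `insert`, whose 403 reply this change reshapes, cannot fire for a request that has no `user` property, because the destructuring on the line above gives `user` a default of `{}` and destructuring defaults apply only to `undefined`; only an explicit `null` is rejected. `update.js` destructures `user` without a default, so the two controllers disagree on what an unauthenticated request looks like. Unless a check outside the visible hunks (for example in `getAccess` or the `actions` test) already rejects such requests, the insert would continue with `user?.uid` undefined. I would drop the default to match `update.js`: `const { pg = pgClients.client, user, params = {}, body = {}, headers = {} } = req || {};`. The function body continues outside these hunks.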
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"table.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/table.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAe5C,wBAA8B,QAAQ,CACpC,GAAG,EAAE,GAAG,EACR,KAAK,EAAE,YAAY,EACnB,MAAM,EAAE,GAAG,gBAkOZ"}
|
|
@@ -22,14 +22,15 @@ export default async function tableAPI(req, reply, called) {
|
|
|
22
22
|
if (!loadTable &&
|
|
23
23
|
!pg.pk?.[tokenData?.table] &&
|
|
24
24
|
!(pg.pk?.[templateName] && called)) {
|
|
25
|
-
return reply.status(404).send("not found");
|
|
25
|
+
return reply.status(404).send({ error: "not found", code: 404 });
|
|
26
26
|
}
|
|
27
27
|
const { table: table1 = params.table, form: form1, obj, } = hookData || loadTable || tokenData || {};
|
|
28
28
|
const table = loadTable?.table || table1;
|
|
29
29
|
const form = loadTable?.form || form1;
|
|
30
30
|
const id = hookData?.id || tokenData?.id || params.id;
|
|
31
|
-
if (tokenData && !id)
|
|
32
|
-
return {
|
|
31
|
+
if (tokenData && !id) {
|
|
32
|
+
return reply.status(403).send({ error: "invalid token", code: 403 });
|
|
33
|
+
}
|
|
33
34
|
if (!table && !id) {
|
|
34
35
|
return reply.status(400).send("not enough params");
|
|
35
36
|
}
|
|
@@ -46,14 +47,18 @@ export default async function tableAPI(req, reply, called) {
|
|
|
46
47
|
return reply.status(400).send("invalid token");
|
|
47
48
|
}
|
|
48
49
|
if (!actions.includes("edit") && !config?.local && !tokenData && !called) {
|
|
49
|
-
return reply
|
|
50
|
+
return reply
|
|
51
|
+
.status(403)
|
|
52
|
+
.send({ error: "access restricted: actions", code: 403 });
|
|
50
53
|
}
|
|
51
54
|
const { pk, columns: dbColumns = [] } = await getMeta({
|
|
52
55
|
pg,
|
|
53
56
|
table,
|
|
54
57
|
});
|
|
55
58
|
if (!pk) {
|
|
56
|
-
return reply
|
|
59
|
+
return reply
|
|
60
|
+
.status(404)
|
|
61
|
+
.send({ error: `table not found: ${table}`, code: 404 });
|
|
57
62
|
}
|
|
58
63
|
// const cols = columns.map((el) => el.name || el).join(',');
|
|
59
64
|
const formData = (await getTemplate("form", form)) || {};
|
|
@@ -107,7 +112,9 @@ export default async function tableAPI(req, reply, called) {
|
|
|
107
112
|
.query(q.replace(/{{uid}}/, user?.uid), [id])
|
|
108
113
|
.then((el) => el.rows[0]);
|
|
109
114
|
if (!data) {
|
|
110
|
-
return reply
|
|
115
|
+
return reply
|
|
116
|
+
.status(404)
|
|
117
|
+
.send({ error: `object not found: ${id}`, code: 404 });
|
|
111
118
|
}
|
|
112
119
|
Object.keys(schema)
|
|
113
120
|
.filter((key) => schema[key]?.type === "DataTable")
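Review bot: The error contract in `tableAPI` is only half converted: `reply.status(400).send("not enough params")` and the `reply.status(400).send("invalid token")` in the following hunk still send a bare string, while every reply changed here sends `{ error, code }`, so a client that reads `body.error` gets `undefined` on exactly those two paths. The new `tokenData && !id` branch also answers "invalid token" with 403 where the existing branch uses 400 for the same message; one status for both would let callers and log-based alerting treat token failures uniformly. Suggested: `return reply.status(400).send({ error: "not enough params", code: 400 });` and the same shape for the remaining "invalid token" reply. The function body continues outside these hunks.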
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"update.d.ts","sourceRoot":"","sources":["../../../../../server/routes/crud/controllers/update.ts"],"names":[],"mappings":"AAeA,wBAA8B,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBA4LxD"}
|
|
@@ -4,7 +4,7 @@ import insert from "./insert.js";
|
|
|
4
4
|
export default async function update(req, reply) {
|
|
5
5
|
const { pg = pgClients.client, user, params = {}, body = {}, headers = {}, unittest, } = req;
|
|
6
6
|
if (!user) {
|
|
7
|
-
return reply.status(403).send("access restricted");
|
|
7
|
+
return reply.status(403).send({ error: "access restricted", code: 403 });
|
|
8
8
|
}
|
|
9
9
|
const hookData = (await applyHook("preUpdate", {
|
|
10
10
|
pg,
|
|
@@ -13,7 +13,10 @@ export default async function update(req, reply) {
|
|
|
13
13
|
user,
|
|
14
14
|
}));
|
|
15
15
|
if (hookData?.message && hookData?.status) {
|
|
16
|
-
|
|
16
|
+
const response = hookData.status >= 400
|
|
17
|
+
? { error: hookData.message, code: hookData.status }
|
|
18
|
+
: hookData.message;
|
|
19
|
+
return reply.status(hookData.status).send(response);
|
|
17
20
|
}
|
|
18
21
|
const { referer } = headers;
|
|
19
22
|
const tokenData = await getToken({
|
|
@@ -37,19 +40,21 @@ export default async function update(req, reply) {
|
|
|
37
40
|
!config.local &&
|
|
38
41
|
!config.security?.disableToken &&
|
|
39
42
|
!config.auth?.disable) {
|
|
40
|
-
return reply.status(400).send("invalid token");
|
|
43
|
+
return reply.status(400).send({ error: "invalid token", code: 400 });
|
|
41
44
|
}
|
|
42
45
|
if (!actions.includes("edit") && !config.local && !tokenData) {
|
|
43
|
-
return reply
|
|
46
|
+
return reply
|
|
47
|
+
.status(403)
|
|
48
|
+
.send({ error: "access restricted: actions", code: 403 });
|
|
44
49
|
}
|
|
45
50
|
if (!edit) {
|
|
46
|
-
return reply.status(400).send("table is required");
|
|
51
|
+
return reply.status(400).send({ error: "table is required", code: 400 });
|
|
47
52
|
}
|
|
48
53
|
if (!id && tokenData?.table) {
|
|
49
54
|
return insert(req, reply);
|
|
50
55
|
}
|
|
51
56
|
if (!id) {
|
|
52
|
-
return reply.status(400).send("id is required");
|
|
57
|
+
return reply.status(400).send({ error: "id is required", code: 400 });
|
|
53
58
|
}
|
|
54
59
|
const loadTemplate = await getTemplate("table", edit);
|
|
55
60
|
const { table } = loadTemplate || hookData || tokenData || params || {};
|
|
@@ -69,9 +74,10 @@ export default async function update(req, reply) {
|
|
|
69
74
|
const xssCheck = checkXSS({ body, schema });
|
|
70
75
|
if (xssCheck.error && formData?.xssCheck !== false) {
|
|
71
76
|
logger.file("injection/xss", { msg: xssCheck.error, table }, req);
|
|
72
|
-
return reply
|
|
73
|
-
|
|
74
|
-
|
|
77
|
+
return reply.status(409).send({
|
|
78
|
+
error: "Дані містять заборонені символи. Приберіть їх та спробуйте ще раз",
|
|
79
|
+
code: 409,
|
|
80
|
+
});
|
|
75
81
|
}
|
|
76
82
|
const fieldCheck = validateData({ body, schema });
|
|
77
83
|
if (fieldCheck.error) {
|
|
@@ -81,9 +87,10 @@ export default async function update(req, reply) {
|
|
|
81
87
|
uid: user?.uid,
|
|
82
88
|
...fieldCheck,
|
|
83
89
|
});
|
|
84
|
-
return reply
|
|
85
|
-
|
|
86
|
-
|
|
90
|
+
return reply.status(409).send({
|
|
91
|
+
error: "Дані не пройшли валідацію. Приберіть некоректні дані та спробуйте ще раз",
|
|
92
|
+
code: 409,
|
|
93
|
+
});
|
|
87
94
|
}
|
|
88
95
|
const sqlCheck = checkSQL({ body, schema });
|
|
89
96
|
if (sqlCheck.error) {
|
|
@@ -93,9 +100,10 @@ export default async function update(req, reply) {
|
|
|
93
100
|
uid: user?.uid,
|
|
94
101
|
...sqlCheck,
|
|
95
102
|
});
|
|
96
|
-
return reply
|
|
97
|
-
|
|
98
|
-
|
|
103
|
+
return reply.status(409).send({
|
|
104
|
+
error: "Дані містять заборонені sql символи. Приберіть їх та спробуйте ще раз",
|
|
105
|
+
code: 409,
|
|
106
|
+
});
|
|
99
107
|
}
|
|
100
108
|
if (tokenData?.obj) {
|
|
101
109
|
const objData = tokenData.obj?.split("#").reduce((p, el) => ({
|